I was doing a systems walkthrough at an agricultural research facility a few years back. Multi-site operation, global reach, ERP-dependent from seed inventory to field reporting. The kind of place where if IT goes down, so does the data that determines what gets planted next season.

Halfway through the floor, an operations manager pulled me aside and pointed to a control panel on a fertilizer mixing line. Old unit. The kind of PLC that’s been running the same ladder logic since before anyone at the company knew what ladder logic was. It controlled the mixing ratios, logged the output, and handed off batch data to a workstation that fed the ERP.

“We had someone in here last month, AI vendor. ” he said. “ Said they could optimize the batch process. Read the sensor data, adjust ratios in real time, improve yield.”

I asked if they’d done a pilot.

He said they hadn’t. But three people on his team were already using the vendor’s tool on their own laptops to pull historical sensor data and run their own analysis. Informally. No IT sign-off. No security review. No one had told the ERP the numbers were being touched.

That’s not a story about rogue employees. That’s a story about a vacuum.

How AI actually enters a manufacturing operation.

When AI tools started becoming easy to use, most manufacturing operations were not ready for what happened next: the tools came in through the browser. Not through IT. Not through a vendor contract. Through a free account someone signed up for with their work email, a Chrome extension that looked harmless, a dashboard that marketing was already using that someone in ops decided to try.

None of it shows up on your network diagram. None of it shows up in your software inventory. And most of the people using these tools aren’t hiding it — they genuinely don’t think it’s a security question. They think it’s a productivity question. They’re right about that. They’re just not thinking about the other question.

According to Microsoft’s 2024 Work Trend Index, 78% of AI users are bringing their own AI tools to work — and at small and midsize businesses, that number climbs to 80%. In manufacturing environments, that figure almost certainly undercounts what’s happening on the operations side, because operations teams have never waited for IT approval to solve a production problem. They find the tool that works and they use it.

The risk nobody’s talking about.

The real risk isn’t that AI will break your systems. It’s that AI will touch your systems in ways you can’t see, through paths you didn’t approve, integrated with data sources you didn’t inventory.

PLCs are a specific problem here. They weren’t designed with AI connectivity in mind. The ladder logic running your mixing line, your conveyor sequencing, your temperature controls was written to be reliable and deterministic. It does the same thing the same way every time. That’s the point.

When someone starts pulling data off those systems through an unsanctioned tool, they’re not just creating a data governance issue. They’re potentially creating a control loop issue. If the AI output feeds back into operations decisions — and it will, because that’s why people use these tools — you’ve introduced a variable into your production environment that nobody mapped and nobody owns.

Your ERP is downstream from that. If the AI tool is interpreting your sensor data and someone is using those interpretations to make batch decisions, and those decisions affect what gets entered into the ERP, you now have a second system of record. You just don’t know it yet.

This is the version of AI risk that doesn’t make it into the vendor webinars. The vendor webinars are about opportunity. The floor is where you find the exposure.

What a governed path actually looks like.

According to a 2026 study aggregating Gallup and McKinsey data, 44% of U.S. workers say their employer has no clear AI policy, or aren’t sure if one exists. At smaller companies, that number climbs to 59%.

An AI policy in a manufacturing environment isn’t a compliance document. It’s an inventory question.

What data are your people already sending to AI tools? Which systems are those tools touching? Where does the output land, and what decisions is it informing?

You don’t need to ban AI to answer those questions. Companies that try to ban it just drive it further underground — which is exactly the wrong direction when the risk is already about things you can’t see. What you need is a governed path: a way for operations teams to bring AI requests through IT so you can vet the vendor, define the data boundary, and make sure that when a tool touches your production data, it does so in a way that doesn’t create a shadow system nobody mapped.

The agricultural research facility I mentioned made that decision. They ran a formal pilot with the AI vendor, under IT oversight, with clearly defined data scope. The operations team got the yield optimization they were after. IT got visibility into what was touching the control systems. The ERP stayed as the single source of truth.

That’s not a technology story. That’s a governance story. And in my experience, the companies that get AI right in manufacturing are the ones who recognize that before the side door quietly opens.


If you’re not sure what AI tools are already touching your production environment, that’s the conversation worth having first. Schedule a conversation →